Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-18847

When "corrupted" public key is supplied to server, user is not informed

XMLWordPrintable

    • Release Notes, User Experience
    • Regression
    • +
    • Hide

      Deploy attached WAR which has set following MP properties:

      mp.jwt.verify.publickey=foobarqux
      mp.jwt.verify.issuer=issuer
      
      Show
      Deploy attached WAR which has set following MP properties: mp.jwt.verify.publickey=foobarqux mp.jwt.verify.issuer=issuer

      When corrupted public key (a valid key cannot be extracted from the string value) is supplied to JWT verifier, user is not informed since there is no error message in log and clients receives 401 status code in response instead of an error code of 500.

      This is a regression when compared against state when the feature was being merged.

              lvydra Lukas Vydra
              jkasik@redhat.com Jan Kašík
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: